General

  • Target

    e9ccfae9cb025410406a12538137c69f.exe

  • Size

    1019KB

  • Sample

    210121-3ftm815lje

  • MD5

    e9ccfae9cb025410406a12538137c69f

  • SHA1

    937d1cbd99d0f50bdfad67edfd96c811f0475d88

  • SHA256

    fed11979ec84668f90bec2df7dde9872c7569080bbc832415746cde54bb3c384

  • SHA512

    d84dd2e2ff238774afdf5858944f4b9c1e7e8ee38e190235348d88e09acb8f87992569c725df67b48a1b1f2faddbef19e191d59cdeb4f46ac082870e0286b9e0

Malware Config

Extracted

Family

formbook

C2

http://www.learnhour.net/eaud/

Decoy

Targets

    • Formbook

      Formbook is an information-stealing malware (infostealer).

    • Xloader

      Xloader is a rebranded version of Formbook malware.

    • Xloader Payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks